Microsoft Extends Patent Protections to Azure Stack Users

Microsoft this week announced an extension of its intellectual property (IP) indemnification program in a bid to cover users of its Azure Stack appliances, in addition to Azure cloud customers.

Microsoft first debuted its Azure IP Advantage program in February 2017, touting it as an indemnification program for users of Azure services. Through the program, Microsoft provides assurances to Azure customers that they have some defense against getting sued for infringing the software patents of third parties.

The assurance comes in the form of a pool of 10,000 Microsoft patents used for defensive purposes in court cases. If a customer gets sued for IP infringement, Microsoft promises to give the customer one of its patents for countersuing purposes. Microsoft may also take up the legal fight on behalf of the customer under this program.

Now the Azure IP Advantage program covers Azure Stack, an appliance certified by Microsoft's hardware partners that lets organizations run Azure services in their own datacenters, instead of having to use Microsoft's public cloud infrastructure.

Here's how Microsoft characterized the indemnity support for Azure Stack, which adds protections for open source software use:

With Azure IP Advantage, Azure Stack services receive uncapped indemnificationfrom Microsoft, including for the open source software powering these services. Eligible customers can also access a defensive portfolio of 10,000 Microsoft patents to defend their SaaS application in Azure Stack. This portfolio has been ranked among the top 3 cloud patent portfolios worldwide. They can also rely on a royalty free springing license to protect them in the unlikely event Microsoft transfers a patent to a non-practicing entity.

The "springing license" reference means that the patents that Microsoft may transfer to other companies under this program can't be used to make IP claims against other Azure customers.

In other Azure Stack news, Microsoft warned earlier this month that all Azure Stack systems are subject to "speculative execution"-type attacks associated with Intel, AMD and ARM processors (Security Advisory ADV180002). The attacks could result in information disclosure, such as the showing of password or encryption key information.

Operating system and firmware updates are needed in Azure Stack systems to ward off these speculative execution threats, called "Meltdown" and "Spectre" by researchers. Microsoft recommends applying the Azure Stack 1712 update to Azure Stack systems, although the update has some "known issues." Firmware updates, available from OEMs, are also needed after the Azure Stack 1712 update has been applied.